Configuring provisioning for LDAP
This configuration provisioning guide provides the basic information that you need to install and configure the LDAP Adapter. The adapter enables connectivity between the IBM® Security Verify server and a system that runs the directory server.
Before you begin
Note: LDAP provisioning is not supported for trial subscriptions.
- Make sure Security Directory Integrator (SDI) v7.2 (PN CJ30YML) is installed for your operating
system. See https://www.ibm.com/support/knowledgecenter/SSIGMP_1.0.0/com.ibm.itim_pim.doc/dispatcher/install_config/dispatcher_html_mstr.htm.
For more information, see IBM Security Directory Integrator Version 7.2 Download Document.
Table 1. SDI part numbers eAssembly number Operating system eImage number CJ30YML AIX CIS7MML Linux CIS7TML Solaris CIS7UML Windows CIS7QML Note: The default document is for AIX. Scroll down to step 3 to select your operating system. - Install and configure Security Directory Verify Adapter RMI Integrator dispatcher for Security Directory Integrator v7.2 (PN CC7ZMML). See https://www.ibm.com/support/pages/ibm-security-identity-adapters-v7x and SDI Dispatcher installation and configuration.
- Onboard LDAP application. See, Onboarding the LDAP Application.
About this task
Provisioning provides the following features.
- Create new users
- New users that are created through Verify are also created in the LDAP application.
- Delete users
- Deactivating the user or disabling the user's access to the application through Verify deletes the user in the LDAP application.
- Modify user profile
- Updates made to the user's profile through Verify are pushed to the LDAP application.
- User suspend and restore
- Suspending a user through Verify deactivates the user and restoring the user through Verify activates the user in the LDAP application.
- User synchronization and remediation
- Synchronization fetches all the LDAP application users, creates the users on Verify, and according to the remediation policy, modifies the attributes. Group synchronization fetches all the target application groups in Verify.
- Fine grained entitlement
- Fine grained entitlement is supported for the LDAP application. Synchronization fetches all LDAP application groups. Users can be added to or removed from groups.